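<?php
declare(strict_types=1);

include_once("constant.php");

/**
 * Open the application database connection using the dbhost/dblogin/dbpwd/database
 * constants from constant.php, selecting the utf8 charset as the original did.
 *
 * The original `$connection = new mysqli(...) or die(...)` could never die: `=` binds
 * tighter than `or`, so the truthy mysqli object was tested rather than the connection
 * outcome. connect_error is checked explicitly here (PHP 8.1+ may also throw before
 * this check is reached, depending on mysqli_report settings).
 */
function openDbConnection(): mysqli
{
	$connection = new mysqli(dbhost, dblogin, dbpwd, database);
	if ($connection->connect_error) {
		die("Couldn't connect to database!");
	}
	$connection->set_charset("utf8");
	return $connection;
}

/**
 * Legacy credential digest shared by REG and LOGIN: hex SHA-1 of "U{password}P".
 * users.pwd holds the raw bytes (the original wrote X'<hex>'), so SQL compares against
 * UNHEX(?) of this value.
 *
 * NOTE(review): a fixed-prefix/suffix SHA-1 is not a password hash (no per-user salt,
 * no work factor). It is kept so existing rows keep verifying; moving to
 * password_hash()/password_verify() needs a wider pwd column and a rehash-on-login step.
 */
function legacyPasswordDigest(string $password): string
{
	return sha1("U" . $password . "P");
}

/**
 * Prepare, bind and execute one parameterised statement.
 *
 * Replaces the string-built SQL that interpolated $_POST values directly into the
 * query text. Dies with the script's original "Query failed!" message on any failure;
 * the caller closes the returned statement after reading its result.
 *
 * @param string $types     bind_param() type string, one character per `?` placeholder
 * @param mixed  ...$params values bound positionally to the placeholders
 */
function runStatement(mysqli $connection, string $sql, string $types, ...$params): mysqli_stmt
{
	$stmt = $connection->prepare($sql);
	if ($stmt === false) {
		die("Query failed!");
	}
	if ($types !== "") {
		// bind_param takes references; the elements of $params stay alive until execute().
		$stmt->bind_param($types, ...$params);
	}
	if (!$stmt->execute()) {
		die("Query failed!");
	}
	return $stmt;
}

// Missing POST keys used to raise notices and yield null; default to "" so the
// type-declared helpers receive strings.
$action = $_POST["ACTION"] ?? "";

if ($action === "REG") {
	$fname = $_POST["txtFName"] ?? "";
	$lname = $_POST["txtLName"] ?? "";
	$user = $_POST["txtUsername"] ?? "";
	$passDigest = legacyPasswordDigest($_POST["txtPassword"] ?? "");
	$today = date("Y-m-d H:i:s");

	$connection = openDbConnection();
	// UNHEX(?) reproduces the original X'<hex>' binary literal with a bound parameter.
	$stmt = runStatement(
		$connection,
		"insert into users(username, pwd, fname, lname, createdDate, active) values(?, UNHEX(?), ?, ?, cast(? as datetime), 1)",
		"sssss",
		$user, $passDigest, $fname, $lname, $today
	);
	$stmt->close();
	$connection->close();

	// The original tested the query result here, but a failed query had already died and
	// both branches redirected to the same page, so one redirect is equivalent.
	header("Location:../index.php");
} elseif ($action === "LOGIN") {
	$user = $_POST["txtUsername"] ?? "";
	$passDigest = legacyPasswordDigest($_POST["txtPassword"] ?? "");
	// DEVICE was interpolated unquoted into the SQL, so it has to be numeric; bind it as int.
	$device = (int)($_POST["DEVICE"] ?? 0);
	$loginTime = date("Y-m-d H:i:s");

	$connection = openDbConnection();
	$stmt = runStatement(
		$connection,
		"select id, username, acctype from users where username=? and pwd=UNHEX(?) and active=1",
		"ss",
		$user, $passDigest
	);
	$result = $stmt->get_result();
	$row = $result ? $result->fetch_assoc() : null;
	$stmt->close();

	if ($row !== null) {
		$userId = $row["id"];
		// Per-login token stored in user_log and the session. The original used
		// sha1(loginTime-userId), which anyone knowing the user id and login time can
		// reproduce; 20 random bytes keep the same 40-hex-character width.
		$token = bin2hex(random_bytes(20));
		$stmt = runStatement(
			$connection,
			"insert into user_log(userId, login_time, latitude, longitude, device, token) values(?, cast(? as datetime), 0, 0, ?, ?)",
			"isis",
			(int)$userId, $loginTime, $device, $token
		);
		$stmt->close();

		session_start();
		// The session gains privileges here: issue a fresh id so a pre-login id cannot be reused.
		session_regenerate_id(true);
		$_SESSION["loggedUser"] = $row["username"];
		$_SESSION["loggedUserId"] = $userId;
		$_SESSION["token"] = $token;
		$_SESSION["accountType"] = $row["acctype"];
		// "page" is set elsewhere in the app; fall back to the index like the other branches
		// instead of redirecting to "../" when the key is missing.
		header("Location:../" . ($_SESSION["page"] ?? "index.php"));
	} else {
		header("Location:../index.php");
	}
	$connection->close();
} elseif ($action === "LOGOUT") {
	session_start();
	$logoutTime = date("Y-m-d H:i:s");
	// Without a logged-in user the original would build "userId= and token=''", an SQL
	// syntax error that died; only close the log row when the session actually holds one.
	if (isset($_SESSION["loggedUserId"], $_SESSION["token"])) {
		$connection = openDbConnection();
		$stmt = runStatement(
			$connection,
			"update user_log set logout_time=cast(? as datetime) where userId=? and token=?",
			"sis",
			$logoutTime, (int)$_SESSION["loggedUserId"], (string)$_SESSION["token"]
		);
		$stmt->close();
		$connection->close();
	}
	$_SESSION["loggedUser"] = null;
	$_SESSION["loggedUserId"] = null;
	$_SESSION["token"] = null;
	// accountType was set at login but never cleared; clear it so no stale privilege level remains.
	$_SESSION["accountType"] = null;
	header("Location: ../index.php");
}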
